Explore skills
4,567 skills found
gsd:plan-milestone-gaps
Create phases to close all gaps identified by milestone audit
gsd:progress
Check project progress, show context, and route to next action (execute or plan). Use --forensic to append a 6-check integrity audit after the standard report.
vuln
Look up a vulnerability by ID or list all vulnerabilities for a package
exploits
Analyze exploit intelligence for a vulnerability against the current repository
fix
Get fix intelligence for a vulnerability and propose concrete remediation for the current repository
mcp-audit
Audit connected MCP servers for token overhead, redundancy, and security. Use when sessions feel slow or before adding new MCPs.
best-practices
Apply modern web development best practices for security, compatibility, and code quality. Use when asked to "apply best practices", "security audit", "modernize code", "code quality review", or "check for vulnerabilities".
offensive-wps
This skill covers WPS PIN attack methodologies, including the Pixie Dust offline attack against vulnerable chipsets and online PIN brute-force with reaver/bully. It also addresses lockout handling, time-of-day evasion, WPS push-button vulnerabilities, and PIN-to-PSK derivation, useful when targeting SOHO routers with WPS enabled.
ctf-reverse
CTF Reverse Engineering techniques for analyzing unknown binaries, cracking game client verifications, de-obfuscating code, and interpreting custom VMs. It covers static/dynamic analysis, anti-debugging bypass, and multi-platform reverse engineering for WASM, .NET, APK, Python bytecode, Go, and Rust.
bb-local-toolkit
This skill details a complete bug bounty workflow, encompassing reconnaissance, pre-hunt learning, and vulnerability hunting for a wide range of common web exploits like IDOR, XSS, and SQLi.
bug-bounty
A complete bug bounty workflow encompassing reconnaissance (subdomain enumeration, asset discovery, fingerprinting), pre-hunt learning (disclosed reports, tech stack research), and vulnerability hunting for various issues including IDOR, SSRF, XSS, SQLi, and advanced techniques like GraphQL and HTTP smuggling.
m365-entra-attack
This skill details a Microsoft 365 / Entra ID red-team attack chain, reflecting current 2026 realities, covering AADSTS codes, user enumeration, Smart Lockout math, Conditional Access bypass, ROPC + SAML SSO flows, and Burp/Playwright templates. It's derived from authorized red-team operations that uncovered pre-existing lockouts and CA-blocked credentials, combined with real-time external attacker observations.